House Panel Investigates FDIC Breach

A House committee is seeking information about security breaches at the Federal Deposit Insurance Corp. in the wake of a former employee departing the agency with a mobile storage device containing sensitive data on more than 44,000 individuals.

Rep. Lamar Smith, the Texas Republican who chairs the House Science, Space and Technology Committee, characterizes the breach as "troubling" in an April 8 letter he wrote to FDIC Chairman Martin Gruenberg. "Sensitive information that is housed for any length of time without proper measures in place to mitigate cybersecurity risks is susceptible to a breach," Smith wrote. "Even more troubling, the potential for a breach is especially heightened when sensitive information for over 44,000 individuals is stored without proper security measures."

Smith confirms that an FDIC worker who was in the process of leaving a job at the agency copied the personal information of 44,000 individuals onto a personal portable storage device.

According to a memo from Gruenberg obtained by the Washington Post, which first reported the breach, the employee left the FDIC on Feb. 26, taking the storage device from the premises "inadvertently and without malicious intent." Using technology to track downloads to removable devices, the FDIC detected the breach on Feb. 29 and the employee returned the device the next day.

FDIC Eliminating Portable Storage Device Use

FDIC spokeswoman Barbara Hagenbaugh told the Post the agency has eliminated the use of portable storage devices for most employees and plans to do that for others. The former employee signed an affidavit indicating the breached information was not used in any way, Hagenbaugh told the newspaper. The affected data included names, addresses and Social Security numbers. The trade publication American Banker reports the exposed customer information came from closed banks.

Smith says the committee wants to ensure that the FDIC is taking appropriate action to mitigate the risks posed by the incident as well as other cybersecurity risks. The committee seeks documentation regarding the incident as well as detailed descriptions of all major security breaches involving FDIC information since Jan. 1, 2009.

Smith's committee is investigating the breach because it has jurisdiction over the National Institute of Standards and Technology, which develops cybersecurity standards for government agencies.
